Elements
We are going to
examine QoS configuration through our MPLS backbone and across the L3VPN
connection implemented to maintain connectivity between site #1(R4, R6) and
site #2 (R5, R7)
ISIS level-2 will be
the IGP used inside our MPLS backbone, and BGP will be the PE-CE routing
protocol, OSPF will be the CE-C routing protocol
Configuration
R1
vrf
definition MSSK
rd 100:1
!
address-family ipv4
route-target export 100:1
route-target import 100:1
mpls
label protocol ldp
mpls
ldp router-id Loopback0 force
interface
Loopback0
ip address 1.1.1.1 255.255.255.255
ip router isis 1
interface
FastEthernet1/0
ip address 192.1.13.1 255.255.255.0
ip router isis 1
speed 100
duplex full
mpls ip
interface
FastEthernet1/1
vrf forwarding MSSK
ip address 192.1.14.1 255.255.255.0
speed 100
duplex full
router
isis 1
net 49.0001.0000.0000.0001.00
is-type level-2-only
router
bgp 100
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 3.3.3.3 remote-as 100
neighbor 3.3.3.3 update-source Loopback0
address-family
vpnv4
neighbor 3.3.3.3 activate
neighbor 3.3.3.3 send-community both
address-family
ipv4 vrf MSSK
network 192.1.14.0
neighbor 192.1.14.4 remote-as 200
neighbor 192.1.14.4 activate
neighbor 192.1.14.4 as-override
R2
vrf
definition MSSK
rd 100:1
address-family
ipv4
route-target export 100:1
route-target import 100:1
exit-address-family
mpls
label protocol ldp
mpls
ldp router-id Loopback0 force
interface
Loopback0
ip address 2.2.2.2 255.255.255.255
ip router isis 1
interface
FastEthernet1/0
ip address 192.1.23.2 255.255.255.0
ip router isis 1
speed 100
duplex full
mpls ip
no shut
interface
FastEthernet1/1
vrf forwarding MSSK
ip address 192.1.25.2 255.255.255.0
speed 100
duplex full
no shut
router
isis 1
net 49.0001.0000.0000.0002.00
is-type level-2-only
router
bgp 100
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 3.3.3.3 remote-as 100
neighbor 3.3.3.3 update-source Loopback0
address-family vpnv4
neighbor 3.3.3.3 activate
neighbor 3.3.3.3 send-community both
address-family ipv4 vrf MSSK
network 192.1.25.0
neighbor 192.1.25.5 remote-as 200
neighbor 192.1.25.5 activate
neighbor 192.1.25.5 as-override
R3
mpls
label protocol ldp
mpls
ldp router-id Loopback0 force
interface
Loopback0
ip address 3.3.3.3 255.255.255.255
ip router isis 1
interface
FastEthernet1/0
ip address 192.1.13.3 255.255.255.0
ip router isis 1
speed 100
duplex full
mpls ip
no shut
interface
FastEthernet1/1
ip address 192.1.23.3 255.255.255.0
ip router isis 1
speed 100
duplex full
mpls ip
no shut
router
isis 1
net 49.0001.0000.0000.0003.00
is-type level-2-only
router
bgp 100
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 1.1.1.1 remote-as 100
neighbor 1.1.1.1 update-source Loopback0
neighbor 2.2.2.2 remote-as 100
neighbor 2.2.2.2 update-source Loopback0
address-family
vpnv4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 send-community both
neighbor 1.1.1.1 route-reflector-client
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 send-community both
neighbor 2.2.2.2 route-reflector-client
R4
interface
Loopback0
ip address 4.4.4.4 255.255.255.255
interface
FastEthernet1/0
ip address 192.1.14.4 255.255.255.0
speed 100
duplex full
no shut
interface
FastEthernet1/1
ip address 192.1.46.4 255.255.255.0
speed 100
duplex full
no shut
router
ospf 1
router-id 4.4.4.4
redistribute bgp 200 subnets
network 192.1.46.4 0.0.0.0 area 0
router
bgp 200
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 192.1.14.1 remote-as 100
address-family
ipv4
network 4.4.4.4 mask 255.255.255.255
redistribute ospf 1
neighbor 192.1.14.1 activate
exit-address-family
R5
interface
Loopback0
ip address 5.5.5.5 255.255.255.255
interface
FastEthernet1/0
ip address 192.1.25.5 255.255.255.0
speed 100
duplex full
no shut
interface
FastEthernet1/1
ip address 192.1.57.5 255.255.255.0
speed 100
duplex full
no shut
router
ospf 1
router-id 5.5.5.5
redistribute bgp 200 subnets
network 192.1.57.5 0.0.0.0 area 0
router
bgp 200
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 192.1.25.2 remote-as 100
address-family
ipv4
network 5.5.5.5 mask 255.255.255.255
redistribute ospf 1
neighbor 192.1.25.2 activate
exit-address-family
R6
interface
Loopback0
ip address 6.6.6.6 255.255.255.255
interface
FastEthernet1/0
ip address 192.1.46.6 255.255.255.0
speed 100
duplex full
no shut
router
ospf 1
router-id 6.6.6.6
network 6.6.6.6 0.0.0.0 area 0
network 192.1.46.6 0.0.0.0 area 0
R7
interface
Loopback0
ip address 7.7.7.7 255.255.255.255
interface
FastEthernet1/0
ip address 192.1.57.7 255.255.255.0
speed 100
duplex full
no shut
router
ospf 1
router-id 7.7.7.7
network 7.7.7.7 0.0.0.0 area 0
network 192.1.57.7 0.0.0.0 area 0
Verification
R1#show bgp vpnv4 unicast all
BGP table version is 13, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf MSSK)
*> 4.4.4.4/32 192.1.14.4 0 0 200 i
*>i 5.5.5.5/32 2.2.2.2 0 100 0 200 i
*> 6.6.6.6/32 192.1.14.4 2 0 200 ?
*>i 7.7.7.7/32 2.2.2.2 2 100 0 200 ?
*> 192.1.14.0 0.0.0.0 0 32768 i
*>i 192.1.25.0 2.2.2.2 0 100 0 i
*> 192.1.46.0 192.1.14.4 0 0 200 ?
*>i 192.1.57.0 2.2.2.2 0 100 0 200 ?
R2#show bgp vpnv4 unicast all
BGP table version is 13, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf MSSK)
*>i 4.4.4.4/32 1.1.1.1 0 100 0 200 i
*> 5.5.5.5/32 192.1.25.5 0 0 200 i
*>i 6.6.6.6/32 1.1.1.1 2 100 0 200 ?
*> 7.7.7.7/32 192.1.25.5 2 0 200 ?
*>i 192.1.14.0 1.1.1.1 0 100 0 i
*> 192.1.25.0 0.0.0.0 0 32768 i
*>i 192.1.46.0 1.1.1.1 0 100 0 200 ?
*> 192.1.57.0 192.1.25.5 0 0 200 ?
R4#show ip bgp
BGP table version is 9, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 4.4.4.4/32 0.0.0.0 0 32768 i
*> 5.5.5.5/32 192.1.14.1 0 100 100 i
*> 6.6.6.6/32 192.1.46.6 2 32768 ?
*> 7.7.7.7/32 192.1.14.1 0 100 100 ?
r> 192.1.14.0 192.1.14.1 0 0 100 i
*> 192.1.25.0 192.1.14.1 0 100 i
*> 192.1.46.0 0.0.0.0 0 32768 ?
*> 192.1.57.0 192.1.14.1 0 100 100 ?
R4#ping 5.5.5.5 source lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
Packet sent with a source address of 4.4.4.4
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/65/132 ms
R5#sh ip bgp
BGP table version is 9, local router ID is 5.5.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 4.4.4.4/32 192.1.25.2 0 100 100 i
*> 5.5.5.5/32 0.0.0.0 0 32768 i
*> 6.6.6.6/32 192.1.25.2 0 100 100 ?
*> 7.7.7.7/32 192.1.57.7 2 32768 ?
*> 192.1.14.0 192.1.25.2 0 100 i
r> 192.1.25.0 192.1.25.2 0 0 100 i
*> 192.1.46.0 192.1.25.2 0 100 100 ?
*> 192.1.57.0 0.0.0.0 0 32768 ?
R5#ping 4.4.4.4 source lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
Packet sent with a source address of 5.5.5.5
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/44/88 ms
R6#sh ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is not set
4.0.0.0/32 is subnetted, 1 subnets
O E2 4.4.4.4 [110/1] via 192.1.46.4, 1d02h, FastEthernet1/0
5.0.0.0/32 is subnetted, 1 subnets
O E2 5.5.5.5 [110/1] via 192.1.46.4, 1d02h, FastEthernet1/0
7.0.0.0/32 is subnetted, 1 subnets
O E2 7.7.7.7 [110/1] via 192.1.46.4, 1d02h, FastEthernet1/0
O E2 192.1.25.0/24 [110/1] via 192.1.46.4, 1d02h, FastEthernet1/0
O E2 192.1.57.0/24 [110/1] via 192.1.46.4, 1d02h, FastEthernet1/0
R6#ping 7.7.7.7
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 52/85/140 ms
R7#sh ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is not set
4.0.0.0/32 is subnetted, 1 subnets
O E2 4.4.4.4 [110/1] via 192.1.57.5, 1d02h, FastEthernet1/0
5.0.0.0/32 is subnetted, 1 subnets
O E2 5.5.5.5 [110/1] via 192.1.57.5, 1d02h, FastEthernet1/0
6.0.0.0/32 is subnetted, 1 subnets
O E2 6.6.6.6 [110/1] via 192.1.57.5, 1d02h, FastEthernet1/0
O E2 192.1.14.0/24 [110/1] via 192.1.57.5, 1d02h, FastEthernet1/0
O E2 192.1.46.0/24 [110/1] via 192.1.57.5, 1d02h, FastEthernet1/0
R7#ping 6.6.6.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds:
Packet sent with a source address of 7.7.7.7
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/72/96 ms
Now, as reachability is in place let us start diving in configuring MPLS QoS
We will start from the C routers and configure it for IP Precedence classification
Let us choose precedence values 1, 2, 3 and 6
We will depend on MQC model to for our purposes
R6
class-map PRECEDENCE_6
match ip precedence 6
class-map PRECEDENCE_3
match ip precedence 3
class-map PRECEDENCE_2
match ip precedence 2
class-map PRECEDENCE_1
match ip precedence 1
policy-map MATCH
class PRECEDENCE_1
class PRECEDENCE_2
class PRECEDENCE_3
class PRECEDENCE_6
interface FastEthernet1/0
service-policy input MATCH
R7
class-map PRECEDENCE_6
match ip precedence 6
class-map PRECEDENCE_3
match ip precedence 3
class-map PRECEDENCE_2
match ip precedence 2
class-map PRECEDENCE_1
match ip precedence 1
policy-map MATCH
class PRECEDENCE_1
class PRECEDENCE_2
class PRECEDENCE_3
class PRECEDENCE_6
interface FastEthernet1/0
service-policy input MATCH
R6#ping 7.7.7.7 repeat 10
Type escape sequence to abort.
Sending 10, 100-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds:
!!!!!!!!!!
Success rate is 100 percent (10/10), round-trip min/avg/max = 48/85/156 ms
R6#show policy-map interface fastEthernet 1/0
FastEthernet1/0
Service-policy input: MATCH
Class-map: PRECEDENCE_1 (match-all)
0 packets, 0 bytes
5 minute offered rate 0000 bps
Match: ip precedence 1
Class-map: PRECEDENCE_2 (match-all)
0 packets, 0 bytes
5 minute offered rate 0000 bps
Match: ip precedence 2
Class-map: PRECEDENCE_3 (match-all)
0 packets, 0 bytes
5 minute offered rate 0000 bps
Match: ip precedence 3
Class-map: PRECEDENCE_6 (match-all)
2 packets, 188 bytes
5 minute offered rate 0000 bps
Match: ip precedence 6
Class-map: class-default (match-any)
10 packets, 1140 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: any
R7#show policy-map interface fastEthernet 1/0
FastEthernet1/0
Service-policy input: MATCH
Class-map: PRECEDENCE_1 (match-all)
0 packets, 0 bytes
5 minute offered rate 0000 bps
Match: ip precedence 1
Class-map: PRECEDENCE_2 (match-all)
0 packets, 0 bytes
5 minute offered rate 0000 bps
Match: ip precedence 2
Class-map: PRECEDENCE_3 (match-all)
0 packets, 0 bytes
5 minute offered rate 0000 bps
Match: ip precedence 3
Class-map: PRECEDENCE_6 (match-all)
0 packets, 0 bytes
5 minute offered rate 0000 bps
Match: ip precedence 6
Class-map: class-default (match-any)
10 packets, 1140 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: any
As we can see the ICMP packets fall in the class-default, and the PRECEDENCE_6 class counts as it relates to routing updates and keepalives and so on
Now, let us choose three applications: TELNET, TFTP and ICMP
We will configure CE routers to assign these applications precedence values as they are leaving toward the MPLS backbone
R4
ip access-list extended TELNET
permit tcp any any eq telnet
permit tcp any eq telnet any
ip access-list extended TFTP
permit udp any any eq 69
ip access-list extended ICMP
permit icmp any any
class-map ICMP_CLASS
match access-group name ICMP
class-map TFTP_CLASS
match access-group name TFTP
class-map TELNET_CLASS
match access-group name TELNET
policy-map MARK
class TELNET_CLASS
set ip precedence 1
class TFTP_CLASS
set ip precedence 2
class ICMP_CLASS
set ip precedence 3
class class-default
set ip precedence 6
interface FastEthernet1/0
service-policy output MARK
R5
ip access-list extended TELNET
permit tcp any any eq telnet
permit tcp any eq telnet any
ip access-list extended TFTP
permit udp any any eq 69
ip access-list extended ICMP
permit icmp any any
class-map ICMP_CLASS
match access-group name ICMP
class-map TFTP_CLASS
match access-group name TFTP
class-map TELNET_CLASS
match access-group name TELNET
policy-map MARK
class TELNET_CLASS
set ip precedence 1
class TFTP_CLASS
set ip precedence 2
class ICMP_CLASS
set ip precedence 3
class class-default
set ip precedence 6
interface FastEthernet1/0
service-policy output MARK
To enable telnet access
R6, R7
line vty 0 4
password cisco
login
enable secret cisco
For TFTP R7 will be the server and R6 will be the client
R7
tftp-server nvram:underlying-config
R4#show policy-map interface fastEthernet 1/0
FastEthernet1/0
Service-policy output: MARK
Class-map: TELNET_CLASS (match-all)
0 packets, 0 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: access-group name TELNET
QoS Set
precedence 1
Packets marked 0
Class-map: TFTP_CLASS (match-all)
0 packets, 0 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: access-group name TFTP
QoS Set
precedence 2
Packets marked 0
Class-map: ICMP_CLASS (match-all)
0 packets, 0 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: access-group name ICMP
QoS Set
precedence 3
Packets marked 0
Class-map: class-default (match-any)
3 packets, 495 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: any
QoS Set
precedence 6
Packets marked 0
R4#show policy-map interface fastEthernet 1/0 | inc Class|marked
Class-map: TELNET_CLASS (match-all)
Packets marked 0
Class-map: TFTP_CLASS (match-all)
Packets marked 0
Class-map: ICMP_CLASS (match-all)
Packets marked 0
Class-map: class-default (match-any)
Packets marked 0
R6#ping 7.7.7.7 repeat 20
Type escape sequence to abort.
Sending 20, 100-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (20/20), round-trip min/avg/max = 44/71/128 ms
R6#telnet 7.7.7.7
Trying 7.7.7.7 ... Open
User Access Verification
Password:
R7>en
Password:
R7#exit
[Connection to 7.7.7.7 closed by foreign host]
R6#copy tftp://7.7.7.7/underlying-config null:
Accessing tftp://7.7.7.7/underlying-config...
Loading underlying-config from 7.7.7.7 (via FastEthernet1/0): !
[OK - 233 bytes]
233 bytes copied in 0.252 secs (925 bytes/sec)
R4#show policy-map interface fastEthernet 1/0 | inc Class|marked
Class-map: TELNET_CLASS (match-all)
Packets marked 34
Class-map: TFTP_CLASS (match-all)
Packets marked 4
Class-map: ICMP_CLASS (match-all)
Packets marked 20
Class-map: class-default (match-any)
Packets marked 8
R5#show policy-map interface fastEthernet 1/0 | inc Class|marked
Class-map: TELNET_CLASS (match-all)
Packets marked 27
Class-map: TFTP_CLASS (match-all)
Packets marked 0
Class-map: ICMP_CLASS (match-all)
Packets marked 20
Class-map: class-default (match-any)
Packets marked 8
As we can see the count appears, but for TFTP traffic it’s a one way as one of the routers is acting as a server and the other one is acting as a client
Now, let us implement some queuing and policing
Let us focus on ICMP traffic, we will configure a 3 rate policer as below (as traffic is leaving toward the MPLS backbone)
Conform action: transmit
Exceed action: set the MPLS EXP bit to 5
Violate action: drop
R1
class-map EXP_CLASS
match mpls experimental topmost 3
policy-map EXP_POLICY
class EXP_CLASS
police 64000 conform-action transmit exceed-action set-mpls-exp-topmost-transmit 5 violate-action drop
interface FastEthernet1/0
service-policy output EXP_POLICY
R1#sh policy-map interface fastEthernet 1/0
FastEthernet1/0
Service-policy output: EXP_POLICY
Class-map: EXP_CLASS (match-all)
20 packets, 2440 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: mpls experimental topmost 3
police:
cir 64000 bps, bc 2000 bytes, be 2000 bytes
conformed 20 packets, 2440 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
set-mpls-exp-topmost-transmit 5
violated 0 packets, 0 bytes; actions:
drop
conformed 0000 bps, exceeded 0000 bps, violated 0000 bps
Class-map: class-default (match-any)
56172 packets, 21716570 bytes
5 minute offered rate 2000 bps, drop rate 0000 bps
Match: any
Now, let us configure on the P router (R3) MQC in order to check for the policy we configured
R3
class-map match-all PRECEDENCE_6
match mpls experimental topmost 6
class-map match-all PRECEDENCE_5
match mpls experimental topmost 5
class-map match-all PRECEDENCE_3
match mpls experimental topmost 3
class-map match-all PRECEDENCE_2
match mpls experimental topmost 2
class-map match-all PRECEDENCE_1
match mpls experimental topmost 1
policy-map MATCH
class PRECEDENCE_1
class PRECEDENCE_2
class PRECEDENCE_3
class PRECEDENCE_6
class PRECEDENCE_5
interface FastEthernet1/0
ip address 192.1.13.3 255.255.255.0
ip router isis 1
speed 100
duplex full
mpls ip
service-policy input MATCH
Now , we will generate some traffic from R6 toward R7 (we will influence the size of ICMP packets in order to see the dropped packets)
R6#ping 7.7.7.7 repeat 20 size 1600
Type escape sequence to abort.
Sending 20, 1600-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds:
!!!.!!!.!!!.!!.!!!.!
Success rate is 75 percent (15/20), round-trip min/avg/max = 76/88/108 ms
R1#sh policy-map interface fastEthernet 1/0
FastEthernet1/0
Service-policy output: EXP_POLICY
Class-map: EXP_CLASS (match-all)
40 packets, 33280 bytes
5 minute offered rate 1000 bps, drop rate 0000 bps
Match: mpls experimental topmost 3
police:
cir 64000 bps, bc 2000 bytes, be 2000 bytes
conformed 30 packets, 18060 bytes; actions:
transmit
exceeded 5 packets, 7610 bytes; actions:
set-mpls-exp-topmost-transmit 5
violated 5 packets, 7610 bytes; actions:
drop
conformed 1000 bps, exceeded 1000 bps, violated 1000 bps
Class-map: class-default (match-any)
17 packets, 6964 bytes
5 minute offered rate 2000 bps, drop rate 0000 bps
Match: any
R3#show policy-map interface fastEthernet 1/0 | inc Class|packets
Class-map: PRECEDENCE_1 (match-all)
0 packets, 0 bytes
Class-map: PRECEDENCE_2 (match-all)
0 packets, 0 bytes
Class-map: PRECEDENCE_3 (match-all)
40 packets, 18480 bytes
Class-map: PRECEDENCE_6 (match-all)
0 packets, 0 bytes
Class-map: PRECEDENCE_5 (match-all)
10 packets, 7820 bytes
Class-map: class-default (match-any)
10 packets, 725 bytes
As we can see the PRECEDENCE_5 class is counting
Now, let us move our policy toward the customer side (toward R5), R5 does not understand EXP bit as the disposition happens at its PE router: R2, so how we will apply the same policy and queuing mechanism? We will configure what so called QoS groups
R2
class-map match-all INPUT_CLASS
match mpls experimental topmost 3
policy-map INPUT_POLICY
class INPUT_CLASS
set qos-group 3
interface FastEthernet1/0
service-policy input INPUT_POLICY
class-map match-all OUTPUT_CLASS
match qos-group 3
policy-map OUTPUT_POLICY
class OUTPUT_CLASS
police 64000 conform-action transmit exceed-action set-mpls-exp-topmost-transmit 5 violate-action drop
interface FastEthernet1/1
service-policy output OUTPUT_POLICY
R6#ping 7.7.7.7 repeat 20 size 1600
Type escape sequence to abort.
Sending 20, 1600-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds:
!!!.!!.!!.!!.!!.!!!.
Success rate is 70 percent (14/20), round-trip min/avg/max = 64/87/128 ms
R1#sh policy-map interface fastEthernet 1/0
FastEthernet1/0
Service-policy output: EXP_POLICY
Class-map: EXP_CLASS (match-all)
40 packets, 33280 bytes
5 minute offered rate 3000 bps, drop rate 1000 bps
Match: mpls experimental topmost 3
police:
cir 64000 bps, bc 2000 bytes, be 2000 bytes
conformed 28 packets, 19156 bytes; actions:
transmit
exceeded 9 packets, 9558 bytes; actions:
set-mpls-exp-topmost-transmit 5
violated 3 packets, 4566 bytes; actions:
drop
conformed 2000 bps, exceeded 1000 bps, violated 1000 bps
Class-map: class-default (match-any)
25 packets, 10724 bytes
5 minute offered rate 1000 bps, drop rate 0000 bps
Match: any
R4#sh policy-map interface fastEthernet 1/0
FastEthernet1/0
Service-policy output: MARK
Class-map: TELNET_CLASS (match-all)
0 packets, 0 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: access-group name TELNET
QoS Set
precedence 1
Packets marked 0
Class-map: TFTP_CLASS (match-all)
0 packets, 0 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: access-group name TFTP
QoS Set
precedence 2
Packets marked 0
Class-map: ICMP_CLASS (match-all)
40 packets, 32960 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: access-group name ICMP
QoS Set
precedence 3
Packets marked 40
Class-map: class-default (match-any)
12 packets, 1380 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: any
QoS Set
precedence 6
Packets marked 2
R1#sh policy-map interface fastEthernet 1/0
FastEthernet1/0
Service-policy output: EXP_POLICY
Class-map: EXP_CLASS (match-all)
40 packets, 33280 bytes
5 minute offered rate 3000 bps, drop rate 1000 bps
Match: mpls experimental topmost 3
police:
cir 64000 bps, bc 2000 bytes, be 2000 bytes
conformed 28 packets, 19156 bytes; actions:
transmit
exceeded 9 packets, 9558 bytes; actions:
set-mpls-exp-topmost-transmit 5
violated 3 packets, 4566 bytes; actions:
drop
conformed 2000 bps, exceeded 1000 bps, violated 1000 bps
Class-map: class-default (match-any)
25 packets, 10724 bytes
5 minute offered rate 1000 bps, drop rate 0000 bps
Match: any
R2#sh policy-map interface fastEthernet 1/0
FastEthernet1/0
Service-policy input: INPUT_POLICY
Class-map: INPUT_CLASS (match-all)
54 packets, 29212 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: mpls experimental topmost 3
QoS Set
qos-group 3
Packets marked 54
Class-map: class-default (match-any)
33 packets, 2430 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: any
R2#sh policy-map interface fastEthernet 1/1
FastEthernet1/1
Service-policy output: OUTPUT_POLICY
Class-map: OUTPUT_CLASS (match-all)
54 packets, 28996 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: qos-group 3
police:
cir 64000 bps, bc 2000 bytes, be 2000 bytes
conformed 44 packets, 15452 bytes; actions:
transmit
exceeded 7 packets, 9074 bytes; actions:
set-mpls-exp-topmost-transmit 5
violated 3 packets, 4470 bytes; actions:
drop
conformed 0000 bps, exceeded 0000 bps, violated 0000 bps
Class-map: class-default (match-any)
16 packets, 1603 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: any
Now, let us change the exceed action on R2
R2
policy-map OUTPUT_POLICY
class OUTPUT_CLASS
no police 64000 conform-action transmit exceed-action set-mpls-exp-topmost-transmit 5 violate-action drop
police 64000 conform-action transmit exceed-action set-prec-transmit 5 violate-action drop
Configure R7 to catch PRECEDENCE_5
R7
class-map PRECEDENCE_5
match ip precedence 5
policy-map MATCH
class PRECEDENCE_5
R6#ping 7.7.7.7 repeat 20 size 1600
Type escape sequence to abort.
Sending 20, 1600-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds:
!!!.!!!.!!.!!.!!!.!!
Success rate is 75 percent (15/20), round-trip min/avg/max = 60/93/148 ms
R2#sh policy-map interface fastEthernet 1/1
FastEthernet1/1
Service-policy output: OUTPUT_POLICY
Class-map: OUTPUT_CLASS (match-all)
104 packets, 54896 bytes
5 minute offered rate 1000 bps, drop rate 0000 bps
Match: qos-group 3
police:
cir 64000 bps, bc 2000 bytes, be 2000 bytes
conformed 44 packets, 16960 bytes; actions:
transmit
exceeded 6 packets, 8940 bytes; actions:
set-prec-transmit 5
violated 0 packets, 0 bytes; actions:
drop
conformed 0000 bps, exceeded 0000 bps, violated 0000 bps
Class-map: class-default (match-any)
47 packets, 4792 bytes
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: any
R7#show policy-map interface fastEthernet 1/0 | inc Class|packet
Class-map: PRECEDENCE_1 (match-all)
0 packets, 0 bytes
Class-map: PRECEDENCE_2 (match-all)
0 packets, 0 bytes
Class-map: PRECEDENCE_3 (match-all)
44 packets, 16960 bytes
Class-map: PRECEDENCE_6 (match-all)
3 packets, 282 bytes
Class-map: PRECEDENCE_5 (match-all)
6 packets, 8940 bytes
Class-map: class-default (match-any)
0 packets, 0 bytes
.net File
autostart = False
version = 0.8.3
[localhost:7202]
workingdir = /tmp
udp = 10200
[[7200]]
image = /home/noc/Downloads/c7200-adventerprisek9-mz.152-4.S.bin
ghostios = True
[[ROUTER R5]]
console = 2005
aux = 2505
slot1 = PA-2FE-TX
f1/0 = R2 f1/1
f1/1 = R7 f1/0
x = 144.0
y = 12.0
z = 1.0
[[ROUTER R6]]
console = 2006
aux = 2506
slot1 = PA-2FE-TX
f1/0 = R4 f1/1
x = -287.0
y = 121.0
z = 1.0
[localhost:7203]
workingdir = /tmp
udp = 10300
[[7200]]
image = /home/noc/Downloads/c7200-adventerprisek9-mz.152-4.S.bin
ghostios = True
[[ROUTER R7]]
console = 2007
aux = 2507
slot1 = PA-2FE-TX
f1/0 = R5 f1/1
x = 147.0
y = 130.0
z = 1.0
[localhost:7200]
workingdir = /tmp
udp = 10000
[[7200]]
image = /home/noc/Downloads/c7200-adventerprisek9-mz.152-4.S.bin
ghostios = True
[[ROUTER R1]]
console = 2001
aux = 2501
slot1 = PA-2FE-TX
f1/0 = R3 f1/0
f1/1 = R4 f1/0
x = -177.0
y = -82.0
z = 1.0
[[ROUTER R2]]
console = 2002
aux = 2502
slot1 = PA-2FE-TX
f1/0 = R3 f1/1
f1/1 = R5 f1/0
x = 33.0
y = -77.0
z = 1.0
[localhost:7201]
workingdir = /tmp
udp = 10100
[[7200]]
image = /home/noc/Downloads/c7200-adventerprisek9-mz.152-4.S.bin
ghostios = True
[[ROUTER R4]]
console = 2004
aux = 2504
slot1 = PA-2FE-TX
f1/0 = R1 f1/1
f1/1 = R6 f1/0
x = -290.0
y = 3.0
z = 1.0
[[ROUTER R3]]
console = 2003
aux = 2503
slot1 = PA-2FE-TX
f1/0 = R1 f1/0
f1/1 = R2 f1/0
x = -74.0
y = -166.0
z = 1.0